author Laria Carolin Chabowski <laria@laria.me> 2020-09-25 23:09:31 +0200
committer Laria Carolin Chabowski <laria@laria.me> 2020-09-25 23:09:31 +0200
commit 5e347e4efaa81c2108256dc927208cd55dc10baa (patch)
tree fccd9fea24e436ea2f3fa073475b2b665a4c31cf /setup.php
parent 854fef47192b45517d112e630fe2afa830432253 (diff)
Use password_hash() and friends to hash and verify passwords
Previously I rolled my own password hashing function. While it at least used some sort of salt, it's still a terrible idea. The newly created class PasswordHash wraps the password_hash() family of functions but can also check the old password hash format (to distinguish them, the new password hashes are prefixed with a '!'). In PasswordHash::needsRehash we then always report a hash of the old format as being in need of a rehash. That way, these old hashes will be replaced the next time the user successfully logs in.
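The migration scheme the commit message describes, as an added example that is not Ratatöskr's PasswordHash class and not code from this commit. Only the `!` prefix and the always-rehash rule come from the message; the legacy record layout (salt, `$`, SHA-1 of salt plus password) and every function name below are assumptions, because the old format is not shown on this page.

```php
<?php
// Added illustration, not Ratatöskr's PasswordHash class. ASSUMPTION: legacy
// records look like "<salt>$<sha1(salt . password)>"; the real format is not shown.
const NEW_PREFIX = '!'; // from the commit message: marks password_hash() output

function is_new_format(string $stored): bool
{
    return strncmp($stored, NEW_PREFIX, 1) === 0;
}

function legacy_verify(string $password, string $stored): bool
{
    $parts = explode('$', $stored, 2);
    if (count($parts) !== 2) {
        return false; // malformed record never verifies
    }
    return hash_equals($parts[1], sha1($parts[0] . $password)); // constant-time
}

function verify(string $password, string $stored): bool
{
    return is_new_format($stored)
        ? password_verify($password, (string) substr($stored, 1))
        : legacy_verify($password, $stored);
}

function needs_rehash(string $stored): bool
{
    // Old-format hashes are always reported as stale, as the commit describes.
    return !is_new_format($stored)
        || password_needs_rehash((string) substr($stored, 1), PASSWORD_DEFAULT);
}

// Verify first; replace the stored hash only after a successful login.
function login(string $password, string &$stored): bool
{
    if (!verify($password, $stored)) {
        return false;
    }
    if (needs_rehash($stored)) {
        $stored = NEW_PREFIX . password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record in the assumed legacy format.
$stored = 'a1b2c3$' . sha1('a1b2c3' . 'correct horse');
var_dump(login('wrong guess', $stored), is_new_format($stored));
var_dump(login('correct horse', $stored), is_new_format($stored));
```

A failed login leaves the legacy record untouched; the upgrade happens only at the moment the plaintext is known to be correct, which is why accounts that never log in again keep their old hash.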
Diffstat (limited to 'setup.php')
-rw-r--r-- setup.php 1
1 files changed, 0 insertions, 1 deletions
diff --git a/setup.php b/setup.php
index f496dfe..47f2202 100644
--- a/setup.php
+++ b/setup.php
@@ -69,7 +69,6 @@ $files = [
"/ratatoeskr/sys/pluginpackage.php",
"/ratatoeskr/sys/db.php",
"/ratatoeskr/sys/utils.php",
- "/ratatoeskr/sys/pwhash.php",
"/ratatoeskr/sys/init_ste.php",
"/ratatoeskr/sys/models.php",
"/ratatoeskr/sys/textprocessors.php",
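Review bot: the `$files` entry removed at old line 72 (`"/ratatoeskr/sys/pwhash.php"`) gets no replacement in this hunk, although the commit message says a new PasswordHash class now holds both the password_hash() wrapper and the check for the old format. If `$files` is the list setup.php relies on to confirm that required files are present, add the file that defines PasswordHash here, or say in the commit message that the class is loaded some other way. Since this view is limited to setup.php, it is also worth confirming that no remaining code still includes pwhash.php, because the old-format check is what lets existing accounts log in and be rehashed.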